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Information on the current status of this and other ETSI documents is available at 

http://portal.etsi.orq/tb/status/status.asp 

If you find errors in the present document, please send your comment to one of the following services: 

http://portal.etsi.orq/chaircor/ETSI support.asp 

Copyright Notification 

No part may be reproduced except as authorized by written permission. 
The copyright and the foregoing restriction extend to reproduction in all media. 

© European Telecommunications Standards Institute 2006. 
All rights reserved. 

DECT'^", PLUGTESTS™ and UMTS™ are Trade IVlarks of ETSI registered for the benefit of its IVIembers. 
TIPHON^" and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 
2QppTM |g g jracle Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. 



ETSI 



3GPP TS 33.1 06 version 7.0.1 Release 7 2 ETSI TS 1 33 1 06 V7.0.1 (2006-01 ) 



Intellectual Property Rights 



IPRs essential or potentially essential to the present document may have been declared to ETSI. The information 
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found 
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in 
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web 
server ( http://webapp.etsi.org/IPR/home.asp ). 

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee 
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web 
server) which are, or may be, or may become, essential to the present document. 



Foreword 

This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). 

The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or 
GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. 

The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under 
http://webapp.etsi.org/kev/quervform.asp . 
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Foreword 



rd , 



This Technical Specification (TS) has been produced by the 3 Generation Partnership Project (3GPP). 

The contents of the present document are subject to continuing work within the TSG and may change following formal 
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an 
identifying change of release date and an increase in version number as follows: 

Version x.y.z 

where: 

X the first digit: 

1 presented to TSG for information; 

2 presented to TSG for approval; 

3 or greater indicates TSG approved document under change control. 

y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, 
updates, etc. 

z the third digit is incremented when editorial only changes have been incorporated in the document. 



Introduction 



This Technical Specification has been produced by the 3GPP TSG SA to allow for the standardisation in the area of 
lawful interception of telecommunications. This document describes in general the requirements for lawful interception. 

Laws of individual nations and regional institutions (e.g. European Union), and sometimes licensing and operating 
conditions define a need to intercept telecommunications traffic and related information in modern telecommunications 
systems. It has to be noted that lawful interception shall always be done in accordance with the applicable national or 
regional laws and technical regulations. 
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Scope 



The present document provides basic interception requirements within a Third Generation Mobile Communication 
System (3GMS) based on ETSI TS 101 331 [2] and other national regulatory requirements and GSM specifications 
GSM TS 01.33 [5], GSM TS 02.33 [6] and GSM TS 03.33 [7]. 

The specification describes the service requirements from a Law Enforcement point of view only. The aim of this 
document is to define a 3GMS interception system that supports a number of regional interception regulations, but these 
regulations are not repeated here as they vary. Regional interception requirements shall rely on this specification to 
derive such information as they require. 

These interception requirements shall be used to derive specific network requirements. 

For details see: 

Stage 2: 3GPP TS 33.107 [9]; 

Stage 3: 3GPP TS 33.108 [10]. 



References 



The following documents contain provisions which, through reference in this text, constitute provisions of the present 
document. 

• References are either specific (identified by date of publication, edition number, version number, etc.) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• For a non-specific reference, the latest version applies. 

[1] European Union Council Resolution on the Lawful Interception of Telecommunications (17. 

January 1995) 

[2] ETSI TS 101 331: "Telecommunications security; Lawful Interception (LI); Requirements of Law 

Enforcement Agencies". 

[3] ETSI ES 201 158: "Lawful Interception; Requirements for network functions". 

[4] ETSI ES 201 671: "Handover Interface for the lawful interception of telecommunications traffic". 

[5] GSM 01.33: "Lawful Interception requirements for GSM". 

[6] GSM 02.33:" Lawful Interception - stage 1". 

[7] GSM 03.33: "Lawful Interception - stage 2". 

[8] J-STD-025-A: "Lawfully Authorized Electronic Surveillance". 

[9] 3GPP TS 33.107: "3rd Generation Partnership Project; Technical Specification Group Services 

and System Aspects; 3G Security; Lawful interception architecture and functions". 

[10] 3GPP TS 33.108: "3rd Generation Partnership Project; Technical Specification Group Services 

and System Aspects; 3G Security; Handover interface for Lawful Interception". 



£75/ 



3GPP TS 33.106 version 7.0.1 Release 7 6 ETSI TS 133 106 V7.0.1 (2006-01) 



Definitions and abbreviations 



3.1 Definitions 

For the purposes of the present document, the following terms and definitions apply. 

Interception Area: is a subset of the Public Lands Mobile Network (PLMN) service area comprised of a set of cells 
which define a geographical zone. 

Location Dependent Interception: is interception within a PLMN service area that is restricted to one or several 
Interception Areas (lA). 

Network Based Interception: Interception that is invoked at a network access point regardless of Target Identity. 

Subject Based Interception: Interception that is invoked using a specific Target Identity 

Target Identity: A technical identity that uniquely identifies a target of interception. One target may have one or 
several identities. 

3.3 Abbreviations 

For the purposes of the present document, the following abbreviations apply: 

CC Content of Communication 

lA Interception Area 

IP Internet Protocol 

IRI Intercept Related Information 

LDI Location Dependent Interception 

LEA Law Enforcement Agency 

LEMF Law Enforcement Monitoring Facility 

3GMS Third Generation Mobile Communications System 

VHE Virtual Home Environment 



4 Relationsiiip to Regional Requirements 

Interception requirements are subject to national law and international treaties and should be interpreted in accordance 
with applicable national policies. 

Requirements universally called out in regional interception regulatory requirements are supported by the system 
defined in this document. Requirements unique to a specific region are not addressed (some examples are given in 
Section 2 as references). 

The intercept system defined here provides subject based interception. Network based interception is not included. 



5 Requirements 

5.1 Description of requirements 

This section gives the general description of lawful interception requirements. 
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5.1 .1 General technical requirements 



Figure 1 shows the general system for interception. Technical interception is implemented within a 3GMS by special 
functionality on network elements shown in the figure. 




TECHNICAL INTERCEPTION 
HANDOVER INTERFACE 



Figure 1 : General specification for interception 



5.1.2 General principles 

3GMS shall provide access to the intercepted Content of Communications (CC) and the Intercept Related Information 
(IRI) of the mobile target on behalf of Law Enforcement Agencies (LEAs). 

A mobile target in a given 3GMS can be a subscriber of that 3GMS, or a user roaming from another 3GMS or from any 
other network capable of using that 3GMS (such as a GSM or mobile satellite). The intercepted CC and the IRI can 
only be delivered for activities on that given 3GMS. 

For interception, there needs to be a means of identifying the target, correspondent and initiator of the communication. 
Target Identities used for interception of CS and GPRS service shall be MSISDN, IMEI and IMSI. Target Identities for 
multi-media shall be SIP URL. Other target identities for multi-media are for further study. When network encryption is 
introduced, it shall be a national option as to whether the network provides the CC to the agency decrypted, or 
encrypted with a key available to the agency. User provided end to end, encryption, encoding or compression cannot be 
removed by the network. 



Location Dependent Interception, (LDI) allows a 3GMS to service multiple interception jurisdictions within its service 
area. Multiple law agencies with their own interception areas can be served by the 3GMS. All the information or rules 
given for interception within a 3GMS apply to interception within an lA when Location Dependent Interception is 
invoked. A target may be marked in one or more different lAs within the same 3GMS. Interception is not required nor 
prohibited by this standard when Location Dependent Interception is active and the location of the target subscriber is 
not known or available. 
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5.1 .3 Applicability to telecommunication services 

The requirement for lawful interception is that all telecommunications services for the 3GMS standards should be 
capable of meeting the requirements within this document. 

5.1 .4 Interception within the Home and Visited Network 

The introduction of the Virtual Home Environment, VHE, means that significant portions of subscriber services can be 
executed in the home or visited network, regardless of where the target is physically located. 

The visited network shall intercept only those UMTS services that the visited network provides to the target subscriber. 
Furthermore, the visited network shall not be required to intercept services executed by the home network. 

Based upon national regulations, UMTS services executed in the home network may be intercepted in the home 
network. 

5.2 Normal operation 

This section gives the expected operation for lawful interception. 

5.2.1 Intercept administration requirements 

A secure means of administrating the service by the 3GMS operator and intercept requesting entity is necessary. This 
mechanism shall provide means to activate, deactivate, show, or list targets in the 3GMS as quickly as possible. The 
function shall be policed by appropriate authentication and audit procedures. The administration function shall allow 
specific lAs to be associated with target subscribers when Location Dependent Interception is being used. 

5.2.1.1 Activation of LI 

As a result of the activation (of a warrant) it shall be possible to request for the specified target, either IRI, or both the 
IRI and the CC and designate the LEA destination addresses for the delivery of the IRI and if required CC. These shall 
be selectable on a 3GMS basis according to national options. 

5.2.1.2 Deactivation of LI 

As a result of deactivation it shall be possible to stop all, or a part of, interception activities for the specified target. 

5.2.1 .3 Security of processes 

The intercept function shall only be accessible by authorised personnel. 

To be effective, interception must take place without the knowledge of either party to the communication. Therefore, 
decryption must also take place without either party being aware that it is happening. 

No indication shall be given to any person except authorised personnel that the intercept function has been activated on 
a target. Authentication, encryption, audits, log files and other mechanisms may be used to maintain security in the 
system. Audit procedures should be capable of keeping accurate logs of administration commands. 

NWOs/APs/SvPs shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the 
ability to originate, terminate, or direct communications are capable of facilitating authorized communications 
interceptions and access to intercept related information unobtrusively and with a minimum of interference with any 
subscriber's telecommunications service and in a manner that protects: 

(A)the privacy and security of communications and intercept related information not authorized to be intercepted; 
and 

(B) information regarding the LEA's interception of communications and access to intercept related information. 
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A NWOs/APs/SvPs shall not be responsible for decrypting, or ensuring the LEA's ability to decrypt, any 
communication encrypted by a subscriber or customer, unless the encryption was provided by the NWOs/APs/SvPs and 
the NWOs/APs/SvPs possesses the information necessary to decrypt the communication or the NWOs/ APs/SvPs 
provides encryption keys but does not provide the encryption itself. In the case that the NWOs/ APs/SvPs provides 
encryption keys to the subscriber or customer but does not provide the encryption itself, the NWOs/ APs/SvPs shall 
provide the keys to the LEA if required by national regulations. 

5.2.2 Intercept invocation 

5.2.2.1 Invocation events for lawful interception 

In general. Lawful interception should be invoked when the transmission of information or an event takes place that 
involves the target. Examples of when Lawful interception could be invoked are when: 

A circuit switched call is requested originated from, terminated to, or redirected by the target. 

Location information related to the target facility is modified by the subscriber attaching or detaching from the 
network, or if there is a change in location. 

An SMS transfer is requested - either originated from or terminated to the target, 

- A data packet is transmitted to or from a target. 

5.2.2.2 Invocation and removal of interception regarding services 

The invocation of lawful interception shall not alter the operation of a target's services or provide indication to any party 
involved in communication with the target. Lawful interception shall not alter the standard function of 3GMS network 
elements. 

If lawful interception is activated during a circuit switched service, the currently active circuit switched service is not 
required to be intercepted. If lawful interception is deactivated during a circuit switched service, all ongoing intercepted 
activities may continue until they are completed. 

If lawful interception is activated when a packet data service is already in use, the next packets transmitted shall be 
intercepted. If lawful interception is deactivated during a packet data service, the next packets shall not be transmitted. 

5.2.2.3 Correlation of information and product 

When both IRI and CC are invoked, an unambiguous correlation shall be established between the two. The IRI and CC 
shall be delivered in as near real time as possible. 

NOTE: Clarification about correlation limitations during inter-PLMN call or session handovers is for further 
study. 



5.3 Exceptional procedures 



When a failure occurs while establishing the connection towards the LEA to transfer the CC this shall not result in any 
interruption of the ongoing telecommunications service. No further specific requirements apply for the CC in the 
3GMS. 

A national option may be that when failure occurs while trying to provide the IRI it shall be temporarily stored in the 
3GMS and some further attempts shall be made to deliver it if available. 



5.4 Interworking considerations 



For 3GMS, the network, homed or visited, shall not be responsible to interpret the protocol used by the target, or to 
remove user level compression or encryption. 
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5.5 Charging aspects 



The 3GMS may charge for intercept service subject to national laws and regulations. Charging mechanisms include the 
following: 

Use of network resources, 

Activation and deactivation of the target, 

Every intercept invocation. 

Flat rate. 

The 3GMS shall be capable of producing intercept-charging data. It shall be possible to produce this data in such a way 
that access by non-authorised personnel or the target is precluded. 



5.6 Minimum service requirements 



Quality of service, capacity, integrity and reliability are the subject of bilateral agreement between the relevant 
authorities and the 3GMS operator. The QoS towards the delivery function provided by the network must be at least 
that the network provides to the target. 



Handover Interface Requirements 



Handover interface requirements are defined in 3GPP TS 33.108 [10]. For national or regional specifications, see 
ETSI ES 201 671 [4] and J-STD-025-A [8]. 
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